-
Publication No.: WO2022108920A1
Publication Date: 2022-05-27
Application No.: PCT/US2021/059502
Application Date: 2021-11-16
Applicant: CISCO TECHNOLOGY, INC.
Inventor: GRAYSON, Mark , BRINCKMAN, Bart, A. , GUNDAVELLI, Srinath
IPC: H04L61/301 , H04L101/35 , H04L9/40 , H04L61/4511
Abstract: A method is provided that includes obtaining an access request for a device to access a visited access network, the access request including an authentication identifier for the device including an identity for the device and a realm comprising a network identifying portion; determining a re-write rule for the realm by querying a database based on an identity type of the device and the network identifying portion of the realm, the database including a plurality of re-write rules for a plurality of networks and a plurality of identity types; re-writing the realm based on the re-write rule using the identity for the device to generate a re-written realm; obtaining, based on the re-written realm, an address for an authentication server of an identity provider associated with the device; and performing an authentication with the authentication server using the authentication identifier to authenticate the device for the visited access network.
-
Publication No.: WO2022103694A1
Publication Date: 2022-05-19
Application No.: PCT/US2021/058441
Application Date: 2021-11-08
Applicant: CISCO TECHNOLOGY, INC.
Inventor: JAIN, Prakash, C. , HOODA, Sanjay, Kumar , KUMAR, Rajeev , YEEVANI-SRINIVAS, Ramesh
IPC: H04L67/51 , H04L67/10 , H04L67/562 , H04L67/00
Abstract: Services with policy control may be provided. A computing device may receive registration information associated with a border device. The registration information may comprise information identifying a service provided by a server associated with the border device, information identifying the border device, and policies associated with the service. Then an address for the server may be determined. Next a request may be received comprising the information identifying the service provided by the server. In response to receiving the request comprising the information identifying the service provided by the server, the address for the server, the information identifying the border device, and the policies associated with the service may be provided.
-
Publication No.: WO2022098609A1
Publication Date: 2022-05-12
Application No.: PCT/US2021/057609
Application Date: 2021-11-01
Applicant: CISCO TECHNOLOGY, INC.
Inventor: RAJAMANICKAM, Jaganbabu , NAINER, Nagendra Kumar , DUKES, Darren Russell , PIGNATARO, Carlos M. , SANKARANARAYANAN, Madhan
Abstract: Techniques for utilizing edge nodes disposed throughout a multi-site cloud computing network to generate a probe packet including indicators that guarantee the use of forward and return route paths to accurately measure the network performance of a route path between two endpoints in a wide area network (WAN). An edge node disposed in a site of the multi-site cloud computing network may store in virtual memory associated with the edge node, a mapping between route paths, usable to send data from the edge node to remote edge nodes in remote sites, and route indicators. A probe packet may include a data portion for measuring the network performance of a route path, a portion including local and remote discriminators, and/or an inner and an outer header.
-
Publication No.: WO2022081578A1
Publication Date: 2022-04-21
Application No.: PCT/US2021/054587
Application Date: 2021-10-12
Applicant: CISCO TECHNOLOGY, INC.
Inventor: BOSCH, Hendrikus, G.P. , DUMINUCO, Alessandro , BARBOT, Julien , NAPPER, Jeffrey, Michael , MULLENDER, Sape, Jurrien
IPC: H04L9/40
Abstract: Techniques for using a single sign-on (SSO) service as a software defined networking (SDN) controller for a virtual private network environment. The techniques disclosed herein may include receiving, at a first authentication service, first data including a first request to authenticate a user of a client device to access an application. The techniques may also include sending, to the client device, second data representing a second request configured to prompt a second authentication service to authenticate the user of the client device. Additionally, the first authentication service may receive an indication that the user was authenticated by the second authentication service and determine, based at least in part on an attribute associated with at least one of the client device or the application, whether the client device is to access the application using an unsecured connection or, alternatively, access the application using a secured connection.
-
Publication No.: WO2022067325A1
Publication Date: 2022-03-31
Application No.: PCT/US2021/071569
Application Date: 2021-09-23
Applicant: CISCO TECHNOLOGY, INC.
Inventor: SZIGETI, Thomas , HENRY, Jerome , BARTON, Robert E. , SMITH, Malcolm M.
IPC: H04L43/10 , H04W24/08 , H04L43/0817 , H04L43/0852
Abstract: Automating and extending path tracing through wireless links is provided by receiving a request to perform a network trace over a wireless link provided by an Access Point (AP) configured as a transparent forwarder between a trace source and a trace target; monitoring a trace packet from a first time of arrival at the AP, a first time of departure from the AP, a second time of arrival at the AP, and a second time of departure from the AP; monitoring a buffer status of the AP at the first time of arrival and the second time of arrival; and in response to identifying a network anomaly based on the trace packet and the buffer status, adjusting a network setting at the AP.
-
Publication No.: WO2022066494A1
Publication Date: 2022-03-31
Application No.: PCT/US2021/050605
Application Date: 2021-09-16
Applicant: CISCO TECHNOLOGY, INC.
Abstract: This disclosure describes techniques and mechanisms for using a domain-specific language (DSL) to express and compile serverless network functions, and optimizing the deployment location for the serverless network functions on network devices. In some examples, the serverless network functions may be expressed entirely in the DSL (e.g., via a text-based editor, a graphics-based editor, etc.), where the DSL is a computer language specialized to a particular domain, such as a network function domain. In additional examples, the serverless network functions may be expressed and compiled using a DSL in combination with a general-purpose language (GSL). Once the serverless network functions have been expressed and/or compiled, the techniques of this disclosure further include determining an optimized network component on which the serverless network function is to execute, and deploying the serverless function to the optimized network component.
-
Publication No.: WO2022066493A1
Publication Date: 2022-03-31
Application No.: PCT/US2021/050599
Application Date: 2021-09-16
Applicant: CISCO TECHNOLOGY, INC.
Abstract: This disclosure describes techniques and mechanisms for using a domain-specific language (DSL) to express and compile serverless network functions, and optimizing the deployment location for the serverless network functions on network devices. In some examples, the serverless network functions may be expressed entirely in the DSL (e.g., via a text-based editor, a graphics-based editor, etc.), where the DSL is a computer language specialized to a particular domain, such as a network function domain. In additional examples, the serverless network functions may be expressed and compiled using a DSL in combination with a general-purpose language (GSL). Once the serverless network functions have been expressed and/or compiled, the techniques of this disclosure further include determining an optimized network component on which the serverless network function is to execute, and deploying the serverless function to the optimized network component.
-
Publication No.: WO2022060625A1
Publication Date: 2022-03-24
Application No.: PCT/US2021/049678
Application Date: 2021-09-09
Applicant: CISCO TECHNOLOGY, INC.
Inventor: KULSHRESHTHA, Ashutosh , SLOANE, Andy , PATEL, Hiral Shashikant , CHETTIAR, Uday Krishnaswamy , KEMPE, Oliver , VISWANATHAN, Bharathwaj Sankara , YADAV, Navindra
IPC: G06F21/50
Abstract: The present disclosure provides systems, methods, and computer-readable media for implementing security policies at software call stack level. In one example, a method includes generating a call stack classification scheme for an application; detecting a call stack during deployment of the application; using the call stack classification scheme during runtime of the application, classifying the detected call stack as one of an authorized call stack or an unauthorized call stack to yield a classification; and applying a security policy based on the classification.
-
Publication No.: WO2022055716A1
Publication Date: 2022-03-17
Application No.: PCT/US2021/047784
Application Date: 2021-08-26
Applicant: CISCO TECHNOLOGY, INC.
Inventor: V, Rajesh, I , RAVINDRANATH, Rammohan , PATIL, Prashanth , SAINI, Vinay
IPC: G06F21/53
Abstract: A trusted application manager (TAM) includes a processor, and a non-transitory computer-readable media storing instructions that, when executed by the processor, cause the processor to perform operations comprising obtaining, from a secure access service edge (SASE) device executing a security service, a data set defining intelligence provided by the security service, defining a policy based at least in part on the intelligence provided by the security service, and managing a trusted application (TA) based on the policy.
-
Publication No.: WO2022046627A1
Publication Date: 2022-03-03
Application No.: PCT/US2021/047137
Application Date: 2021-08-23
Applicant: CISCO TECHNOLOGY, INC.
Inventor: THUBERT, Pascal , WETTERWALD, Patrick , ZADDACH, Jonas , LEVY-ABEGNOLI, Eric
IPC: H04L29/06
Abstract: This disclosure describes techniques for authenticating a user device for a session. For instance, an authentication entity may authenticate a user device using single sign-on authentication and/or multi-factor authentication. The authentication entity may then determine a duration for which the user device is authenticated for the session. For example, the authentication entity may receive information representing a state of an environment of the user device. The authentication entity may then use the information to identify one or more transitions associated with the environment between the session and a previous session. Using the one or more transitions, the authentication entity may determine the duration for the session by increasing or decreasing a previous duration associated with the previous session.